CVE-2026-34028 Unauthenticated direct access to web data in Wertheim SafeController Software exposes files

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files from locations such as /Resources/CompanyIdID/Audio/ and...

CVE-2026-34028

The CVE-2026-34028 entry concerns Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014). It exposes web-accessible file paths that lack authorization, allowing an unauthenticated attacker to directly download files via HTTP endpoints such as /Resources/CompanyId_[ID]/Audio/ and /Safe...

CVE-2026-34028 Unauthenticated direct access to web data in Wertheim SafeController Software exposes files

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files from locations such as /Resources/CompanyIdID/Audio/ and...

EUVD-2026-36711

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download files from locations such as /Resources/CompanyIdID/Audio/ and...

When Creating a Safe Via ODSafeManager::openSAFE, the User Proxy Is Wrongly Set As the Safe Owner

Lines of code Vulnerability details Impact We can observe from Vault721::mint function that the input usr in ODSafeManager::openSAFE function needs to be a previously built proxy of the user address. function mintaddress proxy, uint256 safeId external requiremsg.sender == addresssafeManager, 'V72...